PowerShell registry permission on new computer - powershell

I am trying to set up new computers, and as it is a new computer it won't allow me to run the PowerShell script as admin. As I can't run it as administrator I can't REG ADD my AutoAdminLogon, DefaultUserName and DefaultPassword. How can I work around this to get my script to allow this and run as admin?
Add-Content -Path "C:\Install Logs\Install.log" -Value "Set up auto login as admin - $(Get-Date)"
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d AdminIT /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d Password /f

The only workaround I have found so far is to make a .bat file and in that force the PowerShell script to run as admin.
PowerShell.exe -Command "& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy Bypass -File ""%~dpn0.ps1""' -Verb RunAs}"

Related

Deploying Registry Keys Script via Intune

I have written a PowerShell script to set specific registry keys as part of the installation of OpenVPN. This configures OpenVPN GUI to look at the C:\Program Files\OpenVPN\OpenVPN folder to get its configuration, among other configurations.
Here's the script:
#Set Registry for Open VPN GUI
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "allow_edit" /T REG_SZ /D "1" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "allow_password" /T REG_SZ /D "1" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "allow_proxy" /T REG_SZ /D "1" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "allow_service" /T REG_SZ /D "0" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "config_dir" /T REG_SZ /D "C:\Program Files\OpenVPN\OpenVPN\config" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "config_ext" /T REG_SZ /D "ovpn" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "connectscript_timeout" /T REG_SZ /D "15" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "disconnect_on_suspend" /T REG_SZ /D "0" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "disconnectscript_timeout" /T REG_SZ /D "10" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "editor" /T REG_SZ /D "C:\WINDOWS\notepad.exe" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "exe_path" /T REG_SZ /D "C:\Program Files\OpenVPN\bin\openvpn.exe" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "log_append" /T REG_SZ /D "0" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "log_dir" /T REG_SZ /D "C:\Program Files\OpenVPN\OpenVPN\log" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "log_viewer" /T REG_SZ /D "C:\WINDOWS\notepad.exe" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "preconnectscript_timeout" /T REG_SZ /D "10" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "priority" /T REG_SZ /D "NORMAL_PRIORITY_CLASS" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "service_only" /T REG_SZ /D "0" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "show_balloon" /T REG_SZ /D "1" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "show_script_window" /T REG_SZ /D "1" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "silent_connection" /T REG_SZ /D "0" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /V "passphrase_attempts" /T REG_SZ /D "3" /F
When I run the script locally, it does exactly what I need it to do; when deployed via Intune, it creates the reg keys in a different location.
When run locally it creates the keys here: HKLM\SOFTWARE\OpenVPN-GUI
When deployed via Intune, the keys are created here: HKLM\SOFTWARE\WOW6432Node\OpenVPN-GUI
I understand from the name that Intune will deploy it as a 32-bit app, so this could be my problem.
Is there any way round this?
You can either re-launch the script using the 64-bit version of powershell.exe:
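if ([System.Environment]::Is64BitOperatingSystem -and -not [System.Environment]::Is64BitProcess) {
    # sysnative is only visible to 32-bit processes and maps to the real System32
    Start-Process "$ENV:WINDIR\sysnative\WindowsPowershell\v1.0\PowerShell.exe" -ArgumentList "-File `"$PSCommandPath`""
    exit
}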
# rest of script
... or instruct reg.exe to target the 64-bit view of the registry (/REG:64):
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /REG:64 /V "allow_edit" /T REG_SZ /D "1" /F
REG ADD "HKLM\SOFTWARE\OpenVPN-GUI" /REG:64 /V "allow_password" /T REG_SZ /D "1" /F
# etc....
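A third way to reach the same result from inside PowerShell, given here as an added example that is not part of the original answer: open HKLM through the 64-bit registry view explicitly, so the write lands in HKLM\SOFTWARE\OpenVPN-GUI even when the host process is 32-bit. The function names are hypothetical; it assumes PowerShell 3.0 or later (.NET 4 `OpenBaseKey`) and an elevated session.

```powershell
# Added example: write to the 64-bit view of HKLM regardless of process bitness.
function Set-RegistryValue64 {
    param(
        [Parameter(Mandatory)] [string]    $SubKey,   # path below HKLM
        [Parameter(Mandatory)] [hashtable] $Values    # value name -> REG_SZ data
    )
    $hklm64 = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $hklm64.CreateSubKey($SubKey)          # opens or creates, writable
        try {
            foreach ($name in $Values.Keys) {
                $key.SetValue($name, [string]$Values[$name],
                    [Microsoft.Win32.RegistryValueKind]::String)
            }
        } finally { $key.Close() }
    } finally { $hklm64.Close() }
}

# Read one value from both views to confirm where it was written.
function Get-RegistryValueByView {
    param([string] $SubKey, [string] $Name)
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        try {
            $key = $base.OpenSubKey($SubKey)          # $null if the key is absent
            [pscustomobject]@{
                View  = $view
                Value = if ($key) { $key.GetValue($Name) } else { $null }
            }
            if ($key) { $key.Close() }
        } finally { $base.Close() }
    }
}

"64-bit process: $([Environment]::Is64BitProcess)"
Set-RegistryValue64 -SubKey 'SOFTWARE\OpenVPN-GUI' -Values @{
    allow_edit = '1'; allow_password = '1'; config_ext = 'ovpn'
}
Get-RegistryValueByView -SubKey 'SOFTWARE\OpenVPN-GUI' -Name 'allow_edit'
```

On a 64-bit system the Registry32 row shows what sits under WOW6432Node, which makes a misdirected earlier deployment easy to spot.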

User account control can not be disabled from command prompt

I want to disable UAC on each client computer remotely via an application which executes commands on the computer. When I execute the command below:
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD
I got this result.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA REG_DWORD 0x0
But when I check UAC manually, I see that UAC is active. What is the reason for this? Can you help to solve this problem? Thank you.
I solved this problem by restarting the computer after running the script.
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Passing commands to cmd from powershell

I want to make changes to a registry key through this command:
REG ADD "HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll" /v TcpDynamicPorts /t REG_SZ /d 6363 /f
This has to happen in a cmd, which I ran as administrator through PowerShell with this command in a batch file:
powershell.exe Start-Process cmd.exe -Verb runAs
I need a UAC Prompt for the user to input his admin credentials to make it as user friendly as possible.
Now my question: How do I pass the reg add command to the console which I started as administrator?
You need to pass your command in -ArgumentList parameter like this:
powershell.exe "Start-Process powershell -ArgumentList 'REG ADD \\\"HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll\\\" /v TcpDynamicPorts /t REG_SZ /d 6363 /f' -Verb RunAs"
This will execute PowerShell which tries to execute another PowerShell window asking you for credentials and then execute REG ADD command and close PowerShell at the end.
Keep in mind that you don't have error handling or anything like this so you may want to add them later as they might be very useful.
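The error handling mentioned above could look like this; it is an added example, not code from the original answer. It assumes the code is saved as a .ps1 file (so `$PSCommandPath` is set) and is started from the batch file with `powershell.exe -File`; `Test-IsElevated` is a hypothetical helper name.

```powershell
# Added example: self-elevating registry change with error handling.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Tcp\IPAll'

function Test-IsElevated {
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    try {
        # -Verb RunAs raises the UAC prompt; -Wait and -PassThru expose the exit code.
        $proc = Start-Process powershell.exe -Verb RunAs -Wait -PassThru -ErrorAction Stop `
            -ArgumentList @('-NoProfile', '-File', "`"$PSCommandPath`"")
    } catch {
        # Reached when the user declines the prompt or elevation is not possible.
        Write-Error "Elevation was cancelled or failed: $($_.Exception.Message)"
        exit 1
    }
    if ($proc.ExitCode -ne 0) {
        Write-Error "Elevated run failed with exit code $($proc.ExitCode)."
    }
    exit $proc.ExitCode
}

# Elevated from here on.
try {
    if (-not (Test-Path -Path $keyPath)) {
        throw "Registry key not found: $keyPath"
    }
    Set-ItemProperty -Path $keyPath -Name TcpDynamicPorts -Value '6363' -Type String -ErrorAction Stop

    # Read the value back so a silent failure does not pass as success.
    $actual = (Get-ItemProperty -Path $keyPath -Name TcpDynamicPorts -ErrorAction Stop).TcpDynamicPorts
    if ($actual -ne '6363') { throw "Read back '$actual' instead of '6363'." }
    exit 0
} catch {
    Write-Error $_
    exit 2
}
```

The calling batch file can then branch on `%ERRORLEVEL%`: 0 means the value was written and verified, 1 means elevation did not happen, 2 means the write failed.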

Run Powershell script via batch file with elevated privileges

I need to run a PowerShell script to create an AD user via a batch file. The thing is I need to run this PS script with elevated privileges (domain admin account). I have tried to script a '.bat' file which encloses all this information but I have been unsuccessful so far. Here is the script:
echo off
cls
echo Sign in with your ADM ID
set /p username=
powershell -noprofile -command "&{ start-process powershell -ArgumentList '-noprofile -file C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1' -verb RunAs}"
I have tried with the line /netonly /user:adm@domain but it won't work.
Do you guys have any idea?
Thanks in advance.
I have finally ended up with this:
runas.exe /netonly /noprofile /user:domainadm@domain "powershell.exe -noprofile -File "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\.ps1" -verb RunAs"
It works like a charm now!
Hope it will help anyone in need. ;)
You can start PowerShell with other credentials:
@echo off
cls
echo Sign in with your ADM ID
set/P user="* user: "
rem set/P pass="* password: "
set "psCmd=powershell -Command "$pwd = read-host '* password' -AsSecureString; $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd); [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)""
for /F "usebackq delims=" %%P in (`%psCmd%`) do set "pass=%%P"
powershell -executionpolicy bypass -Command "$p='%pass%'|convertto-securestring -asplaintext -force;$c=new-object -typename system.management.automation.pscredential('%user%',$p);start-process 'powershell' '-Command "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1"' -credential $c -passthru -wait; read-host;"
exit/B
Or simply:
@echo off
cls
powershell -executionpolicy bypass -Command "start-process 'powershell' '-Command "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1"' -credential $c -passthru -wait; read-host;"
exit/B
That will prompt for credentials.

Can't run powershell as administrator

I am trying to run a PowerShell script as administrator on Windows Server 2012 R2. The problem is that as soon as I start the script as admin it shuts down without running it. The script works if I start PowerShell ISE and run the script as admin from there. Is there a setting I am missing?
Maybe execution of scripts is disabled. Try running this first.
Set-ExecutionPolicy Unrestricted
I set the cmd on Windows Server 2012 to always run as admin this way:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\Windows\System32\cmd.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\Windows\SysWOW64\cmd.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\Windows\System32\cmd.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\Windows\SysWOW64\cmd.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\Windows\System32\cmd.exe" /t REG_SZ /d "RUNASADMIN" /f
REG ADD "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\Windows\SysWOW64\cmd.exe" /t REG_SZ /d "RUNASADMIN" /f
Maybe it will work with powershell too.